3

My setup works perfectly until I enable SSL.

This

starman -p 3001 app.psgi

works fine, but this:

starman --enable-ssl --ssl-cert a.crt --ssl-key a.key -p 3001 app.psgi

does not - generating this error:

Could not finalize SSL connection with client handle (SSL accept attempt failed error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request) 

on every request.

Running on perl 5, version 22, subversion 1 on AWS's Ubuntu 16.04.2 LTS

Ports seem to be forwarded ok:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https redir ports 3001
2    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https redir ports 3001
3    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http-alt redir ports 3001
4    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3001
ikegami
simone

2 Answers

3

Could not finalize SSL connection with client handle (SSL accept attempt failed error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request)

This indicates that the client has sent an HTTP request instead of the expected HTTPS request. Please check all URLs used by the client - they should all be https:// and not http:// since you set up your server to be accessible by HTTPS only.

Steffen Ullrich
  • Gotcha! Yes - it's true! However I now found out that going to https times out. Any idea? Should I re-ask the question? – simone Jan 16 '18 at 21:25
  • Turns out you need to enable https on AWS's firewall rules on the console – simone Jan 16 '18 at 22:05
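
The "http request" part of the error above means the first bytes on the connection looked like an HTTP request line rather than a TLS ClientHello. The following Python sketch is an added example, not code from this thread, Starman or OpenSSL, and is a simplified version of that distinction; the function names, hint texts and sample bytes are constructed for illustration.

```python
import struct

# Request-line prefixes that mark a plaintext HTTP request.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

# Hypothetical troubleshooting hints, keyed by classification.
HINTS = {
    "plaintext-http": "client used http:// (or a port-80 redirect) against the TLS listener",
    "tls-client-hello": "client is speaking TLS; look elsewhere (certificate, firewall)",
    "tls-other": "TLS record, but not a ClientHello as the first message",
    "incomplete": "fewer than 5 bytes captured; read more before deciding",
    "unknown": "neither HTTP nor TLS; some other protocol reached this port",
}

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent to a TLS-enabled port."""
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    if len(data) < 5:
        return "incomplete"
    # TLS record header: content type (1), version (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype == 0x16 and major == 0x03 and minor <= 0x04 and 0 < length <= 2**14:
        # 0x16 = handshake record; handshake type 0x01 = ClientHello.
        if len(data) > 5 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-other"
    return "unknown"

def diagnose(data: bytes) -> str:
    """Return the classification together with its troubleshooting hint."""
    kind = classify_first_bytes(data)
    return f"{kind}: {HINTS[kind]}"

# Constructed samples (not captured traffic).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030102000100" "01fc0303")

if __name__ == "__main__":
    for sample in (SAMPLE_HTTP, SAMPLE_CLIENT_HELLO, b"SSH-2.0-x\r\n"):
        print(diagnose(sample))
```

With the PREROUTING rules shown in the question, traffic to port 80 is redirected to the same TLS listener on 3001, so any http:// request falls into the "plaintext-http" case.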
0

I had such an issue and resolved it by installing python-certbot-apache from the Debian apt repo.

But now I have another issue:

SSL_cert_file /etc/letsencrypt/live/..domain_here../cert.pem can't be used: Permission denied at /usr/local/share/perl/5.28.1/IO/Socket/SSL.pm line 2375.

chown of dir doesn't help.

a153